CNNVD-202510-1407 Information

CNNVD ID

CNNVD-202510-1407

Related CVE

CVE-2025-62158

• CNNVD Published: 2025-10-10

Description (Chinese)

Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.38.0之前版本存在信息泄露漏洞，该漏洞源于学生上传的作业附件被存储为公开文件，可能导致未经身份验证的任意用户访问这些文件。

Description (English)

Frappe Learning is an easy-to-use open-source learning management system for Frappe open sources. There was a leaking loophole in the previous version of Frappe Learning 2.38.0, which originated from the fact that the operational attachments uploaded by students were stored as public documents, which could lead to access to those documents by random users without authentication.

Hazard Level

High

Vulnerability Type

信息泄露

Affected Vendor

Frappe

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/frappe/lms/commit/78640561f558a6c7396f8be48874f79a54f03420 https://github.com/frappe/lms/security/advisories/GHSA-h6fh-7f24-f2j5

Patch

https://frappe.io/framework